package com.storyroad.servlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.storyroad.utils.DBConnection;
import com.storyroad.utils.TableNames;

/**
 * Servlet implementation class DeleteUser
 */
public class DeleteUser extends HttpServlet {
	private static final long serialVersionUID = 1L;

	/**
	 * @see HttpServlet#HttpServlet()
	 */
	public DeleteUser() {
		super();
		// TODO Auto-generated constructor stub
	}

	/**
	 * Delete a registered user from the system. Upon successful deletion, all content associated with this user is also
	 * removed from the system. Only the admin is allowed to carry out this operation.
	 * @param request HttpServletRequest object that contains data coming from front-end
	 * @param response HttpServletResponse object that contains data which is prepared after processing the incoming data
	 * @throws ServletException
	 * @throws IOException
	 */
	protected void processRequest(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {

		String username;
		String deleteUsername;
		String f_requestType = request.getParameter("request_type");
		Connection conn = new DBConnection().connect();
		PrintWriter out = response.getWriter();
		PreparedStatement stmt = null;

		if (f_requestType == null || !f_requestType.equals("Android")) {
			f_requestType = "Web";
			username = (String) request.getSession().getAttribute("username");
			if (username == null) {
				// If username is not valid redirect to login page.
				response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + "/LoginPage.jsp"));
				return;
			}
		} else {
			username = request.getParameter("username");
		}
		
		// If it is not the admin, generate an error message and terminate operation.
		if (username == null || !username.equals("admin")) {
			out.print("You are not allowed to do this!");
			return;
		}

		if (conn == null) {
			out.println("Connection error");
		} else {
			try {
				deleteUsername = request.getParameter("deleteUsername");
				stmt = conn.prepareStatement("DELETE FROM "	+ TableNames.USERS_TABLE + " WHERE username = ?");
				stmt.setString(1, deleteUsername);

				int databaseResponse = stmt.executeUpdate();
				boolean deleteSuccess = false; // as default
				if (databaseResponse == 1) {
					deleteSuccess = true;
				} else {
					deleteSuccess = false;
				}

				request.setAttribute("deleteSuccess", deleteSuccess);
			} catch (SQLException e) {
				// TODO Auto-generated catch block
				out.print(e.getMessage());
				e.printStackTrace();
			}
			try {
				conn.close();
			} catch (SQLException e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			}
		}
	}

	/**
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
	 *      response)
	 */
	protected void doGet(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		processRequest(request, response);
	}

	/**
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
	 *      response)
	 */
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		processRequest(request, response);
	}

}
